회사소개

제품

안내

고객지원

Company

Product

Information

Support

Thông tin về công ty

Sản phẩm

Thông tin

Hỗ trợ chung

Notice

Title Date
National Univ. Hospital Introduced Anti-APT Solution by NPCore
  • Protect hospital’s network and endpoint from advanced cyberattacks
NPCore (CEO Seung-chul Han) announced that it provided the APT(Advanced Persistent Threat) attack response solution to the national university hospital to defend against recently increasing cyberattacks targeting hospitals and medical institutions. This year, there were a lot of cybersecurity incidents where the weaknesses of information security of domestic medical institutions were revealed. In April, medical institutions including famous university hospital were attacked by Deface, and earlier in January, Cryptojacking (malware for cryptocurrency mining) was carried to the hospital. Photo by rawpixel on Unsplash

Photo by rawpixel on Unsplash

On the other hand, APT attack and Ransomware solution 'ZombieZERO Inspector' delivered by NPCore to university hospital can cope with new and variant malware which is difficult to cope with vaccine and prevent damage due to intelligent attack. ZombieZERO Inspector configures the same sandbox environment as user PC environment to provide detection results after malicious behavior monitoring and analysis. It collects packets on the network and performs analysis of four stages of signature and behavior based analysis. It supports analysis of various document formats such as PE file (DLL, EXE), compressed file, MS-Office, HWP and PDF. It also analyzes the outbound and inbound URLs and IP access patterns to double detect and block C&C server and malware access. The malware detection rate can be further improved by additionally introducing ZombieZERO EDR(Endpoint Detection & Response), an endpoint APT attack defense solution. ZombieZERO products link and analyze network information with agent analysis information of endpoint. Last year, the National Hospital introduced 'ZombieZERO EDR for Server' to protect the server. It holds the execution of malware and detects it through a behavior-based engine in the sandbox, preventing infection in advance, and responding to encryption and latent malware attacks that bypass the network security system. Interworking with new Ministry of Education Cyber Security Center (ECSC) is one of the main reasons why NPCore's APT solution has been adopted. ZombieZERO Inspector is an integrated hardware that passes the ECSC "MTM / ETM Standard Interoperability Specification" test. "Through this project, we have blocked the influx of new malware into the university hospital system and established an active defense system that can detect and block zero-day attacks and existing security system bypass attacks in real time," said CEO of NPCore.
2018.12.21

i-Web was infected by Ransomware damaging thousands of web sites

Author
admin
Date
2018-09-27 14:57
Views
286
The following is an English version of the " 아이웹 랜섬웨어 감염 사태로 수천여개 웹사이트 피해 (i-Web was infected by Ransomware damaging thousands of web sites)" written by Boaanews reporter Kyoung-Ae Kim.

*Original article link: https://www.boannews.com/media/view.asp?idx=73260&kind=0

[Boannews Reporter Kyoung-Ae Kim] i-Web, a website maker that provides a free website builder, was attacked by Ransomware during the Chuseok holiday. The i-Web builder database (DB) server was encrypted and more than a thousand websites have been damaged by Ransomware.


▲i-Web customer service board [image=-boannews]

According to boannews, it is known that the damage caused by Ransomware attack is 2,000 ~ 3,000 websites using the i-Web, and many of the Internet shopping malls including summer beach event site are occupied.

Until now, the server has been restored and operated normally, but the important data revealed on the i-Web has not been restored to the database so far. Also, in the explanation that the DB area revealed on the i-Web side is encrypted with the latest technology, the result of the report is confirmed that the encryption method is not the latest technology.

Ransomware attackers were reportedly threatening to pay 100 million won worth of coins for their money on the i-Web. It is believed that the purpose of the attacker was to crack the money by inducing the conflict with the i-Web side by attacking most of the small business people by encrypting the small web site, DB etc. stored in the server with the target of the i-Web Builder server. It is likely to be a strategy to lead negotiations by drawing customer protest, such as the case of the Internet hosting service provider Nayana.

It is reported that Cyber Security Bureau of the National Police Agency and the Korea Internet Development Agency (KISA) are currently under investigation for details such as whether Ransomware has been infected.